Traklyn — Track · Plan · Schedule

Legal

Privacy Policy

How Traklyn collects, uses, stores, and protects personal information across the platform and marketing website.

Important notice

This document is based on Traklyn's actual product features and data practices. It is provided for transparency and is not legal advice. For legal questions, consult a qualified lawyer familiar with Canadian privacy law (PIPEDA), provincial employment rules, and biometric privacy requirements.

Effective date
June 1, 2025
Last updated
June 1, 2025
Operator
Nexsysi · Powered by Nexsys-i
Product
Traklyn workforce platform

1. Introduction

Nexsysi ("Traklyn," "we," "us," or "our") operates the Traklyn workforce management platform, including the Traklyn web application (https://app.traklyn.com), kiosk timekeeping interfaces, related APIs and support services, and this marketing website (https://traklyn.com).

This Privacy Policy explains how we collect, use, disclose, store, and protect personal information when you use Traklyn.

Traklyn is a business-to-business (B2B) platform used by healthcare and staffing organizations to manage scheduling, timekeeping, workforce coordination, documents, notifications, and payroll-related hours.

2. Who This Policy Applies To

User typeExamples
Organization administratorsClient Super Admin, Client Admin, Agency Super Admin, Agency Admin
Platform administratorsTraklyn Super Admin
Employees / team membersStaff who use the Employee Portal
Kiosk usersEmployees who clock in/out at an on-site kiosk device
Website visitorsPeople who contact us through the marketing site or support form

3. Our Role: Controller vs. Service Provider

3.1 When we act as a service provider (processor)

For most workforce data entered into Traklyn by a customer organization (a client facility, staffing agency, or employer), that organization is the organization responsible for the data. Traklyn processes that information on the organization's instructions to provide the Service.

Examples: employee names, schedules, timesheets, pay rates, documents, biometric enrollment, and kiosk punch records entered by or on behalf of your employer.

If you are an employee, questions about why your data is collected, how long it is kept, or requests to access or correct employment records should generally be directed to your employer or staffing agency first. We will assist our customer organizations as required.

3.2 When we act as the organization responsible for the data

We are responsible for personal information we collect directly for our own purposes, including Traklyn platform account administration for paying customers, marketing website contact and demo inquiries, support requests sent to support@traklyn.com, and our own security, billing, and legal compliance.

4. Information We Collect

The following describes personal and sensitive information processed through Traklyn based on how the application is built today.

4.1 Account and profile information

  • Full name, email address, username, and phone number
  • Mailing address (address lines, city, postal code, country)
  • Password stored using industry-standard encryption — not plain text
  • Organization affiliation, role, profile photo, and account status
  • Email notification preferences and password reset tokens
  • Account creation, update, and deactivation timestamps

4.2 Employee / team member information

  • Employee ID, job position(s), and pay rates (compensation data)
  • Sex, date of birth, employment start date, and employment type
  • Onboarding status and welcome email timestamps
  • Contact details stored on the linked user account

4.3 Organization information

  • Organization name, type, and industry
  • Business address and active status
  • Pay period settings and kiosk enabled flag
  • Biometric face collection identifier when kiosk biometrics are enabled
  • Administrator contact details

4.4 Scheduling and workforce operations

Depending on how your organization uses Traklyn, we process agency shifts, internal schedules, pattern templates, shift statuses, assignments, comments, release notes, call-in reasons, replacements, and shift change audit logs.

4.5 Timesheet information

We process check-in/out times, total hours, break time, notes, approval status, approver identity, and — for kiosk punches — a face_verified flag when biometric verification is used.

4.6 Payroll and PayHub data

For agencies using PayHub, we process pay hours, statutory holiday flags, adjusted pay rates, pay period locks, payroll settings, and generated payroll report files stored securely in the cloud.

4.7 Documents

Organizations may upload employee compliance documents (PDF, JPG, PNG, DOC, DOCX, TXT) stored securely in the cloud. Limits: up to 15 documents per user; maximum 15 MB per document.

4.8 Biometric and kiosk data (high sensitivity)

DataPurposeStorage
Face enrollment reference photoCreate biometric template for identity verificationSecure cloud storage
Face index IDMatch face during clock-in/outSecure biometric service per organization
4-digit employee PINIdentify employee at kiosk before face scanDatabase
Kiosk punch recordsClock-in/out audit trailDatabase
Live face/liveness sessionVerify person is present and matches enrolled faceSecure identity verification service

Punch verification images from liveness are processed for matching; the app stores the enrollment reference photo and punch metadata, not a separate stored photo for every punch. See our Kiosk & Biometric Notice for employee-facing details.

4.9 Notifications and communications

In-app and email notifications may include shift events, assignment updates, and account messages. We send transactional emails, including welcome emails, password resets, shift notifications, schedule updates, PayHub reports, and support request forwarding.

4.10 Support and contact information

When you use the in-app Help page or contact us through the marketing website, we collect your message details and may receive attachments (up to 5 files, 10 MB each). Support messages are delivered by email. Marketing demo requests are sent to sales@nexsysi.com.

4.11 Technical and session data

  • Browser session storage: authentication token, user profile summary, organization ID, kiosk session flags
  • Standard app sessions: 30-minute inactivity logout with a 2-minute warning at 25 minutes
  • Kiosk mode: no inactivity timeout; secure session refreshed every 90 minutes until staff signs out
  • Server-side logs may include IP addresses, request timestamps, and error information
  • Traklyn does not currently use third-party behavioral analytics in the application

5. How We Use Information

  1. Provide the Service — scheduling, shift management, timesheets, payroll hours, documents, notifications
  2. Authenticate users — login, password reset, secure sessions, kiosk device authentication
  3. Verify identity at kiosk — PIN validation, face matching, liveness detection
  4. Facilitate client–agency workforce coordination
  5. Send transactional communications
  6. Provide customer support
  7. Maintain security and audit records
  8. Comply with law

We do not sell personal information. We do not use employee biometric data for advertising.

6. How Information Is Shared

6.1 Within the Traklyn platform (customer-controlled)

RelationshipWhat may be shared
Client ↔ Agency mappingOpen shifts, assigned shifts, employee names, timesheets, notifications, payroll hours
Team member ↔ Client mappingWhich agency employees are approved to work at which client facility
Internal shift sent to agencyUnfilled internal shifts converted to agency shifts

6.2 Traklyn platform administrators

Authorized Traklyn Super Admin personnel can access platform administration functions. Access is limited to personnel who require it for platform operation and support.

6.3 Service providers, legal requirements, and business transfers

We use authorized service providers to operate Traklyn (see Appendix C). We may disclose information if required by law or in connection with a merger, acquisition, or sale of assets with notice to affected customers.

7. International Data Processing

Traklyn's primary cloud infrastructure is hosted in Canada. Some biometric processing may occur in the United States when required for identity verification features. Data may be transferred across borders as necessary to provide the Service.

8. Data Retention

Data categoryRetention approach
Active account dataRetained while the organization's subscription/account is active
Deactivated usersSoft-deleted; may remain until purged per customer agreement
Timesheets and payrollRetained for operational and legal recordkeeping needs of the customer
Biometric enrollmentRetained while enrolled and kiosk is enabled; should be deleted when employment ends
DocumentsRetained until hard-deleted by authorized user
NotificationsRetained in application database

Customer organizations are responsible for defining retention periods that meet their legal obligations.

9. Security

  • Password hashing and secure authentication for API access
  • HTTPS for data in transit and role-based access control
  • 30-minute inactivity timeout on standard app sessions
  • Encrypted kiosk password storage and secure cloud infrastructure
  • Signed URLs for file access (documents: 1 hour; profile images: 7 days)

No method of transmission or storage is 100% secure. Organizations are responsible for protecting account credentials and physical kiosk devices.

10. Your Rights and Choices

10.1 If Traklyn is responsible for your data

Where we are responsible for your personal information (e.g., marketing inquiries), you may request access, correction, withdrawal of consent, or deletion where applicable. Contact: privacy@nexsysi.com

10.2 If your employer uses Traklyn

Employees should contact their employer or staffing agency for access to employment records, correction of HR data, biometric enrollment questions, and deletion requests after employment ends.

10.3 Canadian privacy complaints

You may file a complaint with the Office of the Privacy Commissioner of Canada. Provincial privacy commissioners may also apply depending on your location.

11. Biometric Information

  1. The customer organization must provide required notice and obtain required employee consent before enrollment
  2. Biometric data is used only to verify identity for time punches and related timesheet records
  3. We do not sell biometric information
  4. Face templates and enrollment photos are stored using secure cloud and biometric services
  5. Organizations may use non-kiosk timesheet methods where configured
  6. Employees who withdraw consent should contact their employer for alternative time-tracking

See the Kiosk & Biometric Notice for employee-facing language.

12. Children's Privacy

Traklyn is a business workforce platform not directed to individuals under 18. We do not knowingly collect personal information from children.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated policy with a new last updated date and, for material changes, provide notice via email or in-app notification to registered administrators.

14. Contact Us

Appendix A — Data Inventory

CategoryDetails
User rolesPlatform admin, organization admin, scheduler, and employee portal access
Organization typesSYSTEM, Client, Agency, FullAccess, SchedulerOnly
File upload limitsProfile: 5 MB · Documents: 15 MB · Support: 10 MB × 5 files · Kiosk enrollment: 5 MB

Appendix B — Email Notifications

Transactional emails may include welcome emails (with temporary passwords), password reset links, shift and schedule notifications, PayHub payroll reports with Excel attachments, and support contact forwarding.

Appendix C — Service Infrastructure

Traklyn uses authorized infrastructure providers to deliver the Service. We do not disclose specific vendor names in this public policy.

CategoryPurposeRegion
Cloud storageFiles, documents, and enrollment photosCanada
Biometric servicesFace matching and liveness verificationCanada and United States
Email deliveryTransactional notifications and support messagesAs required for delivery
Application hostingPlatform APIs, database, and real-time updatesCanada